Index Manipulation
T12 · RAG & Knowledge Base Manipulation →RAG systems using hybrid retrieval (vector search + keyword/BM25) maintain inverted indexes for lexical matching. Index manipulation attacks target these traditional information retrieval structures: injecting false terms, corrupting posting lists, manipulating term frequency statistics (TF-IDF), and exploiting index update race conditions. The assumption violated is that the index faithfully represents the document corpus — when indexes can be directly modified or influenced through document injection, the retrieval results diverge from the actual document content.
- Index integrity checksums; detect unauthorized modifications
- Monitor index statistics for anomalous changes in term distributions
- Compare index entries against actual document corpus; detect phantom entries
- Observable signal: retrieval results inconsistent with direct document search
Index manipulation enables T12-AT-002 (Retrieval Manipulation) by controlling which documents appear in keyword-based retrieval. Combines with T12-AT-005 (Embedding Manipulation) for comprehensive hybrid-retrieval attacks.